WordPress Zero Spam - Version 4.9.7

Version Description

  • Enhancement - Added enhanced site security features (no configuration required)
  • Enhancement - Added plugin version to the information shared to Zero Spam (optional).
  • Optimization - Misc. code clean-up

Release Info

Developer bmarshall511
Version 4.9.7

Code changes from version 4.9.6 to 4.9.7

inc/helpers.php CHANGED
@@ -274,7 +274,7 @@ if ( ! function_exists( 'wpzerospam_attempt_blocked' ) ) {
274
  ]);
275
  }
276
 
277
- wpzerospam_log_spam( 'blocked', [ 'reason' => $reason ] );
278
 
279
  if ( 'redirect' == $options['block_handler'] ) {
280
  wp_redirect( esc_url( $options['blocked_redirect_url'] ) );
@@ -286,18 +286,124 @@ if ( ! function_exists( 'wpzerospam_attempt_blocked' ) ) {
286
  }
287
  }
288
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
289
 
 
 
 
 
 
 
290
 
 
 
 
 
291
 
 
 
 
 
 
 
 
292
 
 
 
 
 
 
 
 
293
 
 
 
 
 
 
 
 
 
294
 
 
 
 
295
 
 
 
 
296
 
 
 
 
 
 
 
 
297
 
 
 
 
298
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
299
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
300
 
 
 
 
 
 
 
 
 
 
 
301
 
302
 
303
 
@@ -307,62 +413,14 @@ if ( ! function_exists( 'wpzerospam_attempt_blocked' ) ) {
307
 
308
 
309
 
310
- /**
311
- * Create a log entry if logging is enabled
312
- */
313
- if ( ! function_exists( 'wpzerospam_log_spam' ) ) {
314
- function wpzerospam_log_spam( $type, $data = [] ) {
315
- global $wpdb;
316
 
317
- $options = wpzerospam_options();
318
 
319
- if ( ! empty( $data['ip'] ) ) {
320
- $ip_address = $data['ip'];
321
- unset( $data['ip'] );
322
- } else {
323
- $ip_address = wpzerospam_ip();
324
- }
325
 
326
- // Check is the spam detection should be shared
327
- if ( 'enabled' == $options['share_detections'] ) {
328
- wpzerospam_send_detection([
329
- 'ip' => $ip_address,
330
- 'type' => $type
331
- ]);
332
- }
333
 
334
- // Check if spam logging is enabled, also check if type is 'denied'
335
- // (blocked IP address) & logging of blocked IPs is enabled.
336
- if ( 'enabled' != $options['log_spam'] ||
337
- ( 'blocked' == $type && 'enabled' != $options['log_blocked_ips'] )
338
- ) {
339
- // Logging disabled
340
- return false;
341
- }
342
 
343
- $current_url = wpzerospam_current_url();
344
- $location_info = wpzerospam_get_ip_info( $ip_address );
345
 
346
- // Add record to the database
347
- $record = [
348
- 'log_type' => $type,
349
- 'user_ip' => wpzerospam_ip(),
350
- 'date_recorded' => current_time( 'mysql' ),
351
- 'page_url' => $current_url['full'],
352
- 'submission_data' => json_encode( $data )
353
- ];
354
 
355
- if ( $location_info ) {
356
- $record['country'] = $location_info['country_code'];
357
- $record['region'] = $location_info['region_code'];
358
- $record['city'] = $location_info['city'];
359
- $record['latitude'] = $location_info['latitude'];
360
- $record['longitude'] = $location_info['longitude'];
361
- }
362
 
363
- $wpdb->insert( wpzerospam_tables( 'log' ), $record );
364
- }
365
- }
366
 
367
 
368
 
@@ -555,7 +613,7 @@ if ( ! function_exists( 'wpzerospam_spam_detected' ) ) {
555
  $ip = wpzerospam_ip();
556
 
557
  // Log the spam sttempt
558
- wpzerospam_log_spam( $type, $data );
559
 
560
  // Check if number attempts should result in a permanent block
561
  $blocked_ip = wpzerospam_get_blocked_ips( $ip );
@@ -710,11 +768,11 @@ if ( ! function_exists( 'wpzerospam_plugin_integration_enabled' ) ) {
710
  $options = wpzerospam_options();
711
 
712
  $integrations = [
713
- 'cf7' => 'contact-form-7/wp-contact-form-7.php',
714
  'gform' => 'gravityforms/gravityforms.php',
715
- 'fluentform' => 'fluentform/fluentform.php',
716
- 'wpforms' => [ 'wpforms/wpforms.php', 'wpforms-lite/wpforms.php' ],
717
- 'formidable' => 'formidable/formidable.php',
718
  ];
719
 
720
  // Handle BuddyPress check a little differently for presence of a function
@@ -769,40 +827,3 @@ if ( ! function_exists( 'wpzerospam_is_login' ) ) {
769
  return false;
770
  }
771
  }
772
-
773
- /**
774
- * Sends a spam detection to the WordPress Zero Spam database
775
- */
776
- if ( ! function_exists( 'wpzerospam_send_detection' ) ) {
777
- function wpzerospam_send_detection( $data ) {
778
- $api_url = 'https://zerospam.org/wp-json/wpzerospamapi/v1/detection/';
779
-
780
- if (
781
- empty( $data['ip'] ) ||
782
- empty( $data['type'] )
783
- ) {
784
- return false;
785
- }
786
-
787
- $request_args = [
788
- 'method' => 'POST',
789
- 'body' => [
790
- 'ip' => $data['ip'],
791
- 'type' => $data['type'],
792
- 'site' => site_url()
793
- ],
794
- 'sslverify' => true
795
- ];
796
-
797
- if ( WP_DEBUG ) {
798
- $request_args['sslverify'] = false;
799
- }
800
-
801
- $request = wp_remote_post( $api_url, $request_args );
802
- if ( is_wp_error( $request ) ) {
803
- return false;
804
- }
805
-
806
- return wp_remote_retrieve_body( $request );
807
- }
808
- }
274
  ]);
275
  }
276
 
277
+ wpzerospam_detection( 'blocked', [ 'reason' => $reason ] );
278
 
279
  if ( 'redirect' == $options['block_handler'] ) {
280
  wp_redirect( esc_url( $options['blocked_redirect_url'] ) );
286
  }
287
  }
288
 
289
+ /**
290
+ * Fired anytime a malicious attempt or spam submission is detected.
291
+ *
292
+ * This functions logs (if enabled) detections & handles sharing those
293
+ * detections with Zero Spam (if enabled).
294
+ *
295
+ * @since 4.9.7
296
+ *
297
+ * @param string $type Machine-readable name of the detection type. Pass an 'ip'
298
+ * key to define a specific IP address vs. inferring it
299
+ * from the current users IP address.
300
+ * @param array $data Optional. Array of additional information to log.
301
+ */
302
+ if ( ! function_exists( 'wpzerospam_detection' ) ) {
303
+ function wpzerospam_detection( $type, $data = [] ) {
304
+ global $wpdb;
305
+ $options = wpzerospam_options();
306
 
307
+ // Setup the detection record.
308
+ $record = [
309
+ 'user_ip' => wpzerospam_ip(),
310
+ 'log_type' => $type,
311
+ 'date_recorded' => current_time( 'mysql' )
312
+ ];
313
 
314
+ // Check if an IP address is present, if not, get it from the current user.
315
+ if ( ! empty( $data['ip'] ) && rest_is_ip_address( $data['ip'] ) ) {
316
+ $record['user_ip'] = $data['ip'];
317
+ }
318
 
319
+ // Make sure an IP address was found.
320
+ if (
321
+ empty( $record['user_ip'] ) ||
322
+ ! rest_is_ip_address( $record['user_ip'] )
323
+ ) {
324
+ return false;
325
+ }
326
 
327
+ // If sharing detections is enabled, send the detection to Zero Spam.
328
+ if ( 'enabled' == $options['share_detections'] ) {
329
+ wpzerospam_share_detection([
330
+ 'ip' => $record['user_ip'],
331
+ 'type' => $record['type']
332
+ ]);
333
+ }
334
 
335
+ // Check if logging detections & 'blocks' are enabled.
336
+ if (
337
+ 'enabled' != $options['log_spam'] ||
338
+ ('blocked' == $record['type'] && 'enabled' != $options['log_blocked_ips'])
339
+ ) {
340
+ // Logging disabled.
341
+ return false;
342
+ }
343
 
344
+ // Logging enabled, get the current URL & IP location information.
345
+ $location = wpzerospam_get_ip_info( $record['user_ip'] );
346
+ $current_url = wpzerospam_current_url();
347
 
348
+ // Add additional information to the detection record.
349
+ $record['page_url'] = ! empty( $current_url['full'] ) ? $current_url['full'] : false;
350
+ $record['submission_data'] = json_encode( $data );
351
 
352
+ if ( $location ) {
353
+ $record['country'] = ! empty( $location['country_code'] ) ? $location['country_code'] : false;
354
+ $record['region'] = ! empty( $location['region_code'] ) ? $location['region_code'] : false;
355
+ $record['city'] = ! empty( $location['city'] ) ? $location['city'] : false;
356
+ $record['latitude'] = ! empty( $location['latitude'] ) ? $location['latitude'] : false;
357
+ $record['longitude'] = ! empty( $location['longitude'] ) ? $location['longitude'] : false;
358
+ }
359
 
360
+ return $wpdb->insert( wpzerospam_tables( 'log' ), $record );
361
+ }
362
+ }
363
 
364
+ /**
365
+ * Shares a detection with the Zero Spam database.
366
+ */
367
+ function wpzerospam_share_detection( $data ) {
368
+ // The Zero Spam API endpoint for sharing detections.
369
+ $api_url = 'https://zerospam.org/wp-json/wpzerospamapi/v1/detection/';
370
+
371
+ // Make sure a type & valid IP address are provided.
372
+ if (
373
+ empty( $data['ip'] ) ||
374
+ ! rest_is_ip_address( $data['ip'] ) ||
375
+ empty( $data['type'] )
376
+ ) {
377
+ return false;
378
+ }
379
 
380
+ // Setup the request parameters.
381
+ $request_args = [
382
+ 'method' => 'POST',
383
+ 'body' => [
384
+ 'ip' => $data['ip'],
385
+ 'type' => $data['type'],
386
+ 'site' => site_url(),
387
+ 'version' => WORDPRESS_ZERO_SPAM_VERSION
388
+ ],
389
+ 'sslverify' => true
390
+ ];
391
+
392
+ // For debugging purposes only.
393
+ if ( WP_DEBUG ) {
394
+ $request_args['sslverify'] = false;
395
+ }
396
 
397
+ // Send the request.
398
+ $request = wp_remote_post( $api_url, $request_args );
399
+ if ( is_wp_error( $request ) ) {
400
+ // Request failed.
401
+ return false;
402
+ }
403
+
404
+ // Request succeeded, return the result.
405
+ return wp_remote_retrieve_body( $request );
406
+ }
407
 
408
 
409
 
413
 
414
 
415
 
 
 
 
 
 
 
416
 
 
417
 
 
 
 
 
 
 
418
 
 
 
 
 
 
 
 
419
 
 
 
 
 
 
 
 
 
420
 
 
 
421
 
 
 
 
 
 
 
 
 
422
 
 
 
 
 
 
 
 
423
 
 
 
 
424
 
425
 
426
 
613
  $ip = wpzerospam_ip();
614
 
615
  // Log the spam sttempt
616
+ wpzerospam_detection( $type, $data );
617
 
618
  // Check if number attempts should result in a permanent block
619
  $blocked_ip = wpzerospam_get_blocked_ips( $ip );
768
  $options = wpzerospam_options();
769
 
770
  $integrations = [
771
+ 'cf7' => 'contact-form-7/wp-contact-form-7.php',
772
  'gform' => 'gravityforms/gravityforms.php',
773
+ 'fluentform' => 'fluentform/fluentform.php',
774
+ 'wpforms' => [ 'wpforms/wpforms.php', 'wpforms-lite/wpforms.php' ],
775
+ 'formidable' => 'formidable/formidable.php',
776
  ];
777
 
778
  // Handle BuddyPress check a little differently for presence of a function
827
  return false;
828
  }
829
  }
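Review bot: `wpzerospam_detection()` reads `$record['type']` in the share call and in the logging check, but the record it builds only has a `log_type` key, so that index is undefined. As written, `wpzerospam_share_detection()` receives an empty `type` and returns false at its `empty( $data['type'] )` guard, and the `'blocked' == $record['type']` test never matches, so the `log_blocked_ips` setting is no longer honoured when `log_spam` is enabled. Use the key that exists: `'type' => $record['log_type']` and `( 'blocked' == $record['log_type'] && 'enabled' != $options['log_blocked_ips'] )`. Separately, `wpzerospam_share_detection()` still sets `sslverify` to false whenever `WP_DEBUG` is on, so on any site where debug mode was left enabled the POST carrying the IP, site URL and plugin version goes out without certificate verification; I would drop that override.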
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
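--- a/inc/filters.php
+++ b/inc/security.php
@@ -1,16 +1,20 @@
  <?php
  /**
- * WP filters
+ * Action & filter hooks to boost site security
  *
  * @package WordPressZeroSpam
- * @since 4.6.0
+ * @since 4.9.7
  */
 
-
- if ( ! function_exists( 'wpzerospam_filters' ) ) {
- function wpzerospam_filters() {
+ /**
+ * WordPress filter hooks
+ */
+ if ( ! function_exists( 'wpzerospam_filter_hooks' ) ) {
+ function wpzerospam_filter_hooks() {
  $options = wpzerospam_options();
 
+ add_filter( 'the_generator', 'wpzerospam_remove_generator' );
+
  if ( 'enabled' == $options['strip_comment_links'] ) {
  remove_filter( 'comment_text', 'make_clickable', 9 );
 
@@ -28,7 +32,25 @@ if ( ! function_exists( 'wpzerospam_filters' ) ) {
  }
  }
  }
- add_action( 'after_setup_theme', 'wpzerospam_filters' );
+
+ /**
+ * WordPress action hooks
+ */
+ if ( ! function_exists( 'wpzerospam_action_hooks' ) ) {
+ function wpzerospam_action_hooks() {
+ // Remove the generator meta tag
+ remove_action( 'wp_head', 'wp_generator' );
+ }
+ }
+
+ add_action( 'after_setup_theme', 'wpzerospam_filter_hooks' );
+ add_action( 'after_setup_theme', 'wpzerospam_action_hooks' );
+
+ if ( ! function_exists( 'wpzerospam_remove_generator' ) ) {
+ function wpzerospam_remove_generator() {
+ return '';
+ }
+ }
 
  if ( ! function_exists( 'wpzerospam_remove_author_url_field' ) ) {
  function wpzerospam_remove_author_url_field( $fields ) {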
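Review bot: `wpzerospam_remove_generator()` duplicates WordPress's built-in `__return_empty_string` callback and, unlike the two hook functions added beside it, has no docblock; `add_filter( 'the_generator', '__return_empty_string' );` would do the same without the extra function. The comment on `remove_action( 'wp_head', 'wp_generator' )` should also state what this achieves, for example `// Hide the WP version from the generator tag; hardening only, not a replacement for updates.` Both changes are applied unconditionally, so a site that relies on the generator output has no setting to keep it. `wpzerospam_filter_hooks()` continues outside the visible hunks.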
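--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Donate link: https://benmarshall.me/donate/?utm_source=wordpress_zero_spam&utm_m
  Requires at least: 5.2
  Tested up to: 5.4.2
  Requires PHP: 7.1
- Stable tag: 4.9.6
+ Stable tag: 4.9.7
  License: GNU GPLv3
  License URI: https://choosealicense.com/licenses/gpl-3.0/
 
@@ -21,6 +21,7 @@ In addition, it integrates with other popular plugins to provide all around prot
 
  = WordPress Zero Spam features =
 
+ * **Site security enhancements**, no config required
  * **No captcha**, spam isn't a users' problem
  * **No moderation queues**, spam isn't a administrators' problem
  * **Blocks 99.9% of spam** submissions
@@ -118,6 +119,12 @@ Yes. It does not store any kind of personally identifiable information. Only one
 
  == Changelog ==
 
+ = 4.9.7 =
+
+ * Enhancement - Added enhanced site security features (no configuration required)
+ * Enhancement - Added plugin version to the information shared to Zero Spam (optional).
+ * Optimization - Misc. code clean-up
+
  = 4.9.6 =
 
  * Fix - Gravity Forms not catching spam.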
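--- a/wordpress-zero-spam.php
+++ b/wordpress-zero-spam.php
@@ -13,7 +13,7 @@
  * Plugin Name: WordPress Zero Spam
  * Plugin URI: https://benmarshall.me/wordpress-zero-spam
  * Description: Tired of all the useless and bloated WordPress spam plugins? The WordPress Zero Spam plugin makes blocking spam a cinch. <strong>Just install, activate and say goodbye to spam.</strong> Based on work by <a href="http://davidwalsh.name/wordpress-comment-spam" target="_blank">David Walsh</a>.
- * Version: 4.9.6
+ * Version: 4.9.7
  * Requires at least: 5.2
  * Requires PHP: 7.2
  * Author: Ben Marshall
@@ -31,7 +31,7 @@ defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
  // Define plugin constants
  define( 'WORDPRESS_ZERO_SPAM', __FILE__ );
  define( 'WORDPRESS_ZERO_SPAM_DB_VERSION', '0.5' );
- define( 'WORDPRESS_ZERO_SPAM_VERSION', '4.9.6' );
+ define( 'WORDPRESS_ZERO_SPAM_VERSION', '4.9.7' );
 
  /**
  * Utility helper functions
@@ -133,9 +133,9 @@ require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'inc/scripts.php';
  require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'inc/admin.php';
 
  /**
- * WP filters
+ * Action & filter hooks for enhanced site security
  */
- require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'inc/filters.php';
+ require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'inc/security.php';
 
  /**
  * Below are the includes for individual spam check integrations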